CEOCFO:Mr. Phelps, I see on your website, “Safeguard Innovation,” how are you
doing that?

Mr. Phelps:Safeguarding
innovation is our core competency. We believe that there is a real need for
organizations across all industry, academic and government sectors to
protect their trade secrets, proprietary information and other innovation
assets from converged cyber security, physical security and insider threats.
We focus our efforts on directing and guiding client organizations on the
design, implementation, and management of innovation trade secret protection
programs to safeguard their information assets for loss, theft and
misappropriation.

CEOCFO:
Would you elaborate on the convergence?

Mr. Phelps:
Based on security trends, there is an understanding that the cyber and
physical threat vectors have converged. For example, we now see
cyber-attackers now attempting to compromise employees through spear-phishing
and social targeting campaigns to steal login credentials. Traditional
security models within organizations separated the IT security or logical
security function from the physical security or global security function. We
believe that those security functions should be converged to effectively
identify, assess and respond to emerging converged threat vectors.
Eventually you will see the single chief security officer that is
responsible for both the physical personnel and physical security of an
organization as well as protecting the information assets. There are
parallels regarding risk and threat. Certainly, the threats have converged,
so no longer is it just cyber-attack that you must worry about, it is
cyber-attack that is being facilitated or enhanced by the insider threat for
example. What is happening in the world is that the risk is converging, so
organizations must keep up with that threat and risk management by
converging their security practices in-house.

CEOCFO:
Who is concerned about protecting their innovations and willing to take
steps, and who should be concerned?
Mr. Phelps:
Currently, most organizations have not designated a specific corporate
officer that is responsible for the protection of the innovation assets;
which is surprising because most of American innovation and our
organizational value comes from ideas in the form of innovation and
invention. We believe that every organization that relies on innovation and
invention as a competitive edge should have a Chief Innovation Risk
Management Officer (CIRMO) to manage the risks related to the loss, theft
and misappropriation of trade secrets and other proprietary information.
Occasionally we will meet a Chief Risk Officer, but typically those risk
officers focus on the financial assets and financial risk related to
monetary and operational concerns and very little focus has been dedicated
to protecting the ideas that will drive the organization’s value. Our
opinion is that it seems that safeguarding innovation should be a management
issue and should be treated as one of the largest assets that an
organization has, and have the controls in place just like the organization
has for the other types of assets. Safeguarding innovation should be
considered a key priority for executives in today’s operation environment
across all industry and academic sectors.

CEOCFO:
How are you educating people about the risk?

Mr. Phelps:
I spend 80% of my time educating executives and other organizational
stakeholders by talking about the risks and threats that an organization
faces, including audiences from Fortune 500 corporations, universities and
other organizations that rely on invention and innovation for start-up
capital, revenue generation, investments and grants. I spend most my time
telling the story that organizations are under attack from sophisticated
threats, like Nation State-Sponsored threat actors. For example, we know
that foreign governments are targeting innovation because it is cheaper to
steal a trade secret than it is to create the innovation from scratch. The
feedback we receive from organizations is that there seems to be a lack of
awareness as to what the actual threat landscape is across corporate and
academic sectors. Most executives understand that there is a cyber threat
that is an external computer-based threat trying to break into the
inner-workings of their organizations. However, this idea that there could
be insiders that are working either independently or with those outsiders is
a relatively new concept for organizations. We spend most our time trying to
get the audience to listen to the evidence that there is a new threat
landscape that has emerged (i.e., the insider threat being compromised by
the sophisticated outsider threat). We encourage organizations to launch
pilot program to better understand their specific risks and vulnerabilities
to assess the likelihood and impact of the new threat within their
organizations. Once we highlight there is a problem and they believe there
is a problem, typically they will buy into that this is a risk that can be
managed properly. Then we make our best case that our company [Trust Farm]
is well positioned to assist with their risk management plan based on our
extensive experience with mitigating the actual threat. We are leader in the
Insider Threat Management-as-a-Service practice and can effectively and
create a turnkey innovation protection program that is tailored to the
individual organization. We present the problem but also the solution.

CEOCFO:
Would you tell us about the solutions you offer?

Mr. Phelps:
We view the risk of innovation loss, theft and misappropriation as an
Enterprise Risk issue. Our solutions are designed to fit within an
organizations management structure and approach to risk management. Are
solutions are designed to answer the question: ‘What is the likelihood and
impact that the organization could suffer an innovation loss or trade secret
theft either by an outsider, a less-than-ethical competitor or an insider
that has breached the inherent trust between employer and employee and
decided to misappropriate trade secrets?” That risk assessment approach
allows organizations to understand the scope of the problem. Understanding
that there is a risk to be managed is the first step.

We typically
start with an Innovation Protection pilot program to determine the scope and
scale of an organization’s risk related to the loss, theft and
misappropriation of their trade secrets and other proprietary information.
Trust Farm deploys a proprietary Data Loss Prevention (DLP) intelligence
solution called the ‘149™ Nation State Threat Finder’ that identifies Nation
State-Sponsored threats operating in an organization. We also deploy a
proprietary investigation tool called “ObserveTRUST™’ to the endpoint to
observe specific high-risk user behaviors at the keyboard and mouse-click
level, as we believe that the individual ‘bad apple’ employee or contractor
poses the greatest risk to the organization. Once we identify the scope and
scale of the insider threat risk within the client organization, we create a
turn-key Insider Threat Management-as-a-Service (ITMaaS) program to
identify, assess, investigate and remediate innovation risks. Our ITMaaS
programs focus on establishing an effective governance model that is
sponsored by the appropriate executive level to ensure the risk management
efforts are supported across the organization. We then ensure that the
organization’s policies and procedures are clear and obvious, so that
employees, contractors and other insiders understand the organization’s
expectations as they relate to the protection of the innovation and
invention. We also design, develop and deliver training and awareness
campaign content to reinforce the policies and procedures related to the
protection of innovation. Our solutions then focus on the monitoring for
compliance to an organization’s policies and procedures; we deploy our 149™
Nation State Threat Finder and our ObserveTRUST™ Insider Threat Management
solutions that monitor for specific insider behaviors and alert our
dedicated/embedded Insider Threat Management analyst to suspicious
behaviors. The Trust Farm Insider Threat analyst assesses the incident and
escalates to the investigation protocols established within the
organization. Once the incident is investigated, we assist with organization
in determining the best remediation option to take, including the option to
take disciplinary action against the insider, refer the incident to
intellectual property counsel for civil litigation, or refer the incident to
law enforcement if the evidence suggests that a state or federal crime may
have been committed.

Our solutions
are designed so that client organizations can create effective Innovation
Protection Programs that quickly identify, assess and mitigate the risk of
trade secret loss, theft and misappropriation. We believe that proactive
prevention and intervention of improper employee handling of innovation and
trade information is always better than a reactive approach to risk
mitigation. We have the solution that manages the risk in a compliant and
fair manner that builds trust.

CEOCFO: Do
you see a point where insurers would require a company to have a plan like
Trust Farm in place? Is there a way around directly starting with the
company, such as working with the people who are engaging with a company to
present Trust Farm? Are you reaching out to those groups?

Mr. Phelps:
We believe that the creators and owners of innovation and invention assets
are in the best position to protect those information assets from loss,
theft and misappropriation. We also believe that those creators and owners
have the responsibility to protect and safeguard those assets. However, we
do recognize that there are other entities that have an interest in
preserving the integrity and value of those assets. For example, we believe
that the investors, research grant authorities, venture capitalists, and
other vested stakeholders should have a voice in safeguarding the innovation
and invention that drives an organization’s value proposition. We believe if
someone has made an investment for research and development programs to any
recipient, then the recipient has a moral, ethical and financial
responsibility to safeguard that investment and any assets resulting from
the research funding. We believe that stakeholders, such as investors and
research grant authorizers, should mandate that the organization implement a
specific Innovation Protection Program that safeguards research information
assets from loss, theft and misappropriation. We believe that those
Innovation Protection Programs must be minimum standards, such as the
program standards established by Trust Farm. We are exploring whether
organizations that provide that financing, such as government research grant
programs like the National Institute of Health (NIH) or a venture capitalist
or some other fund manager that is giving seed money to an organization,
would consider making Innovation Protection Program implementation a
requirement for funding. We have written best practice standards for
protecting trade secrets and safeguarding trade secrets in America. Our idea
is that recipients of funds should be required to meet those standards and
have safeguarding in place to protect those assets.

CEOCFO:
Why use Trust Farm?

Mr. Phelps:
Trust Farm has real-life experience to identify, mitigate, and remediate the
theft, loss and misappropriation of innovation trade secrets. We are the
only company in the United States that create Innovation Protection Programs
for client organizations using our proprietary approach to Insider Threat
Management-as-a-Service (ITMaaS). From a competitive perspective, we offer
the advantage of experience and know-how in protecting trade secrets. We
have created Innovation Protection Programs for clients across industry and
academic sectors, including Fortune 500 companies, university systems and
government agencies. We also have the proprietary solutions that are
effective to provide clients with a working Innovation Protection Program
that reduces the likelihood and impact of a trade secret loss, theft and
misappropriation event. Trust Farm provides turn-key solutions to safeguard
our client’s most valuable assets, including the deployment of on-site
ITMaaS teams. Most of our staff have backgrounds in the U.S. government
counter-intelligence or counter-espionage space, so we know how ‘bad apples’
behave within organizations. We have the proven experience to apply risk
mitigation standards to any organization framework so that organizations
small, medium and large can tailor a solution that fits not only their
culture but their budget to mitigate the largest threat innovative
organizations face, which is the threat of loss, theft and misappropriation
of trade secrets and other proprietary information. We invite prospective
clients to contact us so that we can give them the specifics of how our
solutions work, and connect them with current client reference to hear the
effectiveness and value of our approach first-hand.

“Safeguarding innovation should be considered a key priority for executives
in today’s operation environment across all industry and academic sectors.”
- Allen L. Phelps